XSOAR Integration with LogRhythm Usecases
Hello Fellow PA users!
I have recently integrated Palo Alto Cortex XSOAR with my LogRhythm SIEM solution.
Can anyone suggest some use cases which they have tested in their environment?
Thanks
Cortex XSOAR
Hi Team,
We've created a playbook condition in which, if the risk is greater than zero, the IP should be added to the list created below; otherwise, it should be added to another list. The inputs are in an array. How can I make them into single ele
Hello everyone,
I was reviewing the user investigation - generic playbook for a bit. I would like to have your support by explaining to me what types of uses this playbook could be applied to and if any of you already has it implemented.
Thank y
...
Hi,
One question about O365 integration. Maybe it's an O365 question, not an XSOAR one, but I'd like to know if I can do it with XSOAR.
I have an alert "Email reported by user as malware or phish" from Microsoft Graph Identity and Access integration.
...
Looking for a way to prompt user to confirm before script execution. Is there a way to prompt user to confirm (i.e., in War Room)?
Hi everyone,
I am trying to achieve the following scenario:
Send a form with data collection task, the form is closed after 4 weeks. The form asks for a hostname to contain within CrowdStrike
Every time someone answers the form, I want to contain t
...
Hi everyone,
I'd like to know if it's possible to test Playbooks via the command line interface or something similar. Currently, I always use the GUI for testing purposes, loading an incident from the debugger panel and just clicking to run. However,
...
Hello,
I am sending a command like below on the API.
!core-api-post uri="/incident/batchDelete" body="{\"filter\":{\"id\":[\"260906\"]}}"
But it does not delete the incidents I want. It does not give an error.
How to use this correctly? I want to
I would like to use a Context key Value as a variable in a task. Is this possible, or how are people accomplishing this in XSOAR? Do I need to create a custom script? I saw someone else mention they were able to do something similar with Lists, but
...
Hello everyone!
I'm new to XSOAR, I hope you'll be patient with me. I have created a small job in which I execute a SELECT type SQL query, the result is a series of records. Here I have some doubts:
- How can I map the result of each record in each
Hello !!
I have created an automation to execute a SQL query (SELECT), however additional fields appear in the result ("module name", "brand", etc). How can I remove these fields? My intention is to email the result of the SELECT query only the field
...
Need help, as in Cortex XSOAR, I'm having issues adding my domains and internal networks to a whitelist.
In the settings, I have two options for this, but I can't edit them.
Anyone else experiencing the same issue? My objective was to insert and exclu
Greetings to everyone,
With the help of an automation, I extract indicators from incoming incidents. I do this by running commands that createNewIndicator and then enrichIndicator. But these are not written to the context. I need to write them to the
...
Trying to install community edition on ubuntu ec2 instance via wget but getting 401 unauthorized error.
Any assistance on this?
Hello,
Do I have to select everything individually when syncing content from main tenant to child tenants?
For example,
I will sync the playbook, I cannot see the incident fields used in the playbook. I have to select them one by one.
How can I make i

